
The desktop disappears after startup!



My desktop on the PC :P disappears 5 sec after startup, then it keeps coming back and disappearing every 5 sec and closes all games and windows on the PC. I don't know if it's a virus or what it is, but I've tried everything I can: SUPERAntiSpyware and quite a few other programs, HijackThis 2.0 too. Does anyone have an idea what it could be? Need help fast :)

Thanks in advance (btw I have Vista, if that matters ;) )


Can you post the log from HijackThis?

 

Googled around a bit. It looks like this is a problem located in regedit:

 

Can you try this:

Log on to the machine. Press Ctrl + Alt + Del. Click File, New Task, and type regedit.exe

Follow the path HKEY_LOCAL_MACHINE -> Software -> Microsoft -> Windows NT -> CurrentVersion -> and click Winlogon once. Find Shell in the list that appears and double-click it.

Type explorer.exe; if it already says explorer.exe, delete it and type it again. Restart the machine and report back here.

Edited by Hille

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:27:44, on 12.09.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Safe mode with network support

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Windows\Explorer.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Benjamin\AppData\Local\Temp\pmnoOEtR.dll,c

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll

O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll

O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll

O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll

O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll

O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll

O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll

O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll

O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll

O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll

O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

 

--

End of file - 4793 bytes

 

 

When I click New Task, or whatever it's called, the program doesn't respond and the whole PC hangs :/


Remove:

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Benjamin\AppData\Local\Temp\pmnoOEtR.dll,c

 

Edit: By the way, you can download LSPFix and run a repair on the following file:

wrnetdrv.dll

 

Edit2: and while we're at it, you can download http://downloads2.superantispyware.com/dow...iSpywarePro.exe

Run a full system scan. Hopefully it will find a file called Vundo.

Vundo causes problems for the shell, which makes explorer crash the way it does on your machine.

Edited by Hille
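An added example, not from this thread or from HijackThis itself: a Python triage script that applies the rules the helper used above (the orphaned O2 BHO, the O4 Run entry loading a DLL from Temp with rundll32, the unrecognised O10 LSP file) to a constructed sample made of lines copied from the posted HijackThis log, plus a small check for the Winlogon Shell value the earlier reply had the poster reset. Function names and the flagging rules are my own.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample, copied from the HijackThis log posted in this thread:
# the three entries the helper singled out plus two benign lines for contrast.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Benjamin\AppData\Local\Temp\pmnoOEtR.dll,c
O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll
O10 - Unknown file in Winsock LSP: c:\program files\explabs.com\linkscanner\wrnetdrv.dll
"""

# Every HijackThis finding starts with a section code such as O2, O4 or O10.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_entries(log_text: str):
    """Return (section, body) pairs for the finding lines; header lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def triage_hijackthis(log_text: str) -> Dict[str, object]:
    """Flag the three patterns discussed in the thread.

    orphan_bho    : O2 entries whose DLL is gone ("(no file)"): dead CLSID references,
                    harmless but worth cleaning up.
    temp_rundll32 : O4 autostart entries that use rundll32 to load a DLL from a Temp
                    directory; legitimate software does not persist that way.
    unknown_lsp   : O10 Winsock LSP files HijackThis did not recognise, counted per
                    path. LSP chain entries should be repaired with a tool such as
                    LSPFix rather than deleted by hand, or networking breaks.
    """
    orphan_bho: List[str] = []
    temp_rundll32: List[str] = []
    unknown_lsp: Counter = Counter()
    for section, body in parse_entries(log_text):
        if section == "O2" and body.endswith("(no file)"):
            clsid = CLSID_RE.search(body)
            orphan_bho.append(clsid.group(0) if clsid else body)
        elif section == "O4" and "rundll32" in body.lower() and TEMP_DIR_RE.search(body):
            temp_rundll32.append(body)
        elif section == "O10" and "Unknown file in Winsock LSP:" in body:
            path = body.split("LSP:", 1)[1].strip().lower()
            unknown_lsp[path] += 1
    return {
        "orphan_bho": orphan_bho,
        "temp_rundll32": temp_rundll32,
        "unknown_lsp": dict(unknown_lsp),
    }


def shell_value_is_default(value: str) -> bool:
    """True only when the Winlogon Shell value is exactly explorer.exe.

    Anything else (an extra comma-separated program, a different path) means the
    shell value has been changed and should be reset as the earlier reply describes.
    """
    return value.strip().lower() == "explorer.exe"


if __name__ == "__main__":
    for key, found in triage_hijackthis(SAMPLE_LOG).items():
        print(f"{key}: {found}")
    print("Shell OK:", shell_value_is_default("explorer.exe"))
```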

ComboFix 08-09-12.07 - Benjamin 2008-09-13 13:37:27.1 - NTFSx86 NETWORK

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1044.18.616 [GMT 2:00]

Running from: C:\Users\Benjamin\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Temp\1cb

C:\Temp\1cb\syscheck.log

C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt

C:\Users\Benjamin\DOCUME~1\My Documents.url

C:\Users\Benjamin\Documents\My Documents.url

C:\Windows\system32\m3

C:\Windows\system32\MSINET.oca

C:\Windows\system32\t1

 

.

((((((((((((((((((((((((( Files Created from 2008-08-13 to 2008-09-13 )))))))))))))))))))))))))))))))

.

 

No new files created in this timespan

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-13 11:41 --------- d---a-w C:\PROGRA~2\TEMP

2008-09-13 10:42 --------- d-----w C:\Program Files\Spyware Doctor

2008-09-12 22:00 --------- d-----w C:\Program Files\SUPERAntiSpyware

2008-09-12 21:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-09-12 16:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-09-12 16:00 --------- d-----w C:\Program Files\Norton Security Scan

2008-09-12 13:55 --------- d-----w C:\Program Files\Camtech

2008-09-10 20:41 --------- d-----w C:\PROGRA~2\Microsoft Help

2008-09-10 20:38 --------- d-----w C:\Program Files\Microsoft Works

2008-09-10 20:04 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware

2008-09-10 20:04 --------- d-----w C:\PROGRA~2\Malwarebytes

2008-09-10 19:25 --------- d-----w C:\Program Files\RogueRemover FREE

2008-09-10 19:16 1,864 ----a-w C:\Windows\System32\tmp.reg

2008-09-09 22:08 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys

2008-09-09 22:08 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys

2008-09-09 13:20 --------- d-----w C:\Program Files\UltimateEnhancer

2008-09-08 21:38 88,576 ----a-w C:\Windows\System32\AntiXPVSTFix.exe

2008-09-08 19:43 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-09-08 13:09 --------- d-----w C:\Program Files\Windows Live Safety Center

2008-09-08 12:55 --------- d-----w C:\Program Files\UltimateContext

2008-09-07 10:49 --------- d-----w C:\Program Files\Warcraft III

2008-09-02 14:51 86,528 ----a-w C:\Windows\System32\VACFix.exe

2008-09-01 13:18 --------- d-----w C:\Program Files\Logitech

2008-09-01 13:18 --------- d-----w C:\PROGRA~2\Logitech

2008-08-31 15:33 --------- d-----w C:\Program Files\EA GAMES

2008-08-30 20:41 --------- d-----w C:\Program Files\Echo Images

2008-08-30 20:24 --------- d-----w C:\Program Files\Ashampoo

2008-08-30 17:16 --------- d-----w C:\Program Files\Common Files\Adobe

2008-08-29 18:34 147,456 ----a-w C:\Users\Benjamin\vbzip10.dll

2008-08-29 18:34 115,968 ----a-w C:\Users\Benjamin\a.zip

2008-08-29 18:30 71 ----a-w C:\Users\Benjamin\1480.bat

2008-08-29 18:30 550 ----a-w C:\Users\Benjamin\417.bat

2008-08-29 18:30 44,544 ----a-w C:\Users\Benjamin\index.exe

2008-08-28 20:36 82,432 ----a-w C:\Windows\System32\IEDFix.C.exe

2008-08-28 17:14 --------- d-----w C:\Program Files\MSBuild

2008-08-28 17:13 --------- d-----w C:\Program Files\Microsoft.NET

2008-08-28 17:10 --------- d-----w C:\Program Files\Microsoft Visual Studio 8

2008-08-25 15:33 --------- d-----w C:\Program Files\PFConfig

2008-08-25 09:36 81,288 ----a-w C:\Windows\system32\drivers\iksyssec.sys

2008-08-25 09:36 66,952 ----a-w C:\Windows\system32\drivers\iksysflt.sys

2008-08-25 09:36 40,840 ----a-w C:\Windows\system32\drivers\ikfilesec.sys

2008-08-18 10:19 82,432 ----a-w C:\Windows\System32\404Fix.exe

2008-08-16 21:43 --------- d-----w C:\Program Files\Windows Mail

2008-08-07 19:59 160,792 ----a-w C:\Windows\system32\drivers\pctfw2.sys

2008-08-07 19:38 --------- d-----w C:\Program Files\MSN Messenger

2008-08-07 15:34 --------- d-----w C:\Program Files\Windows Live

2008-08-07 15:25 --------- d-----w C:\PROGRA~2\WLInstaller

2008-08-03 11:35 --------- d-----w C:\Program Files\Rockstar Games

2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll

2008-08-02 01:01 625,152 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys

2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll

2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-07-19 17:48 137,840 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

2008-07-19 17:47 111,928 ----a-w C:\Windows\System32\PnkBstrB.exe

2008-07-19 12:11 674,600 ----a-w C:\Windows\System32\pbsvc.exe

2008-07-19 12:11 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe

2008-07-19 10:16 --------- d-----w C:\PROGRA~2\Blueberry

2008-07-19 10:14 4,608 ----a-w C:\Windows\System32\bbchlp.dll

2008-07-19 10:14 4,096 ----a-w C:\Windows\system32\drivers\bbcap.sys

2008-07-19 10:14 30,720 ----a-w C:\Windows\System32\bbcap.dll

2008-07-19 10:14 --------- dc-h--w C:\PROGRA~2\{21C1E35C-913A-42D2-91B6-6AE1243D6B65}

2008-07-19 10:14 --------- d-----w C:\Program Files\Common Files\Blueberry Software

2008-07-19 10:14 --------- d-----w C:\Program Files\Blueberry Software

2008-07-19 10:14 --------- d-----w C:\PROGRA~2\LogSys

2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe

2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll

2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll

2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll

2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll

2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll

2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll

2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll

2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe

2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll

2008-07-14 14:07 --------- d-----w C:\Program Files\LimeWire

2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll

2008-06-26 22:08 230,432 ----a-w C:\PA7311.DAT

2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll

2008-06-26 03:29 565,248 ----a-w C:\Windows\System32\emdmgmt.dll

2008-06-26 03:29 45,056 ----a-w C:\Windows\System32\dataclen.dll

2008-06-26 03:29 303,616 ----a-w C:\Windows\System32\wmpeffects.dll

2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll

2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll

2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL

2008-06-10 20:23 174 --sha-w C:\Program Files\desktop.ini

2008-02-06 21:58 774,144 ----a-w C:\Program Files\RngInterstitial.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]

"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]

"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-09-10 1253040]

"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"LogonHoursAction"= 2 (0x2)

"DontDisplayLogonHoursWarnings"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.CLBR"= P1001Dex.ax

"VIDC.XFR1"= xfcodec.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"="0x00000000"

"UpdatesDisableNotify"="0x00000000"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{54B3C897-4F1B-4D71-A004-961FBC3D1F9E}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{3B18BBAE-4277-4DE3-9DAE-060D8C44B129}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

"TCP Query User{80F0A52C-23B3-4405-8026-CB6E58171DDE}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III

"UDP Query User{CB6ACE65-5104-4CCC-A61E-123C482B79DB}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III

"{BC43E45D-DD99-4CB2-A0DA-5BB8170958EB}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA

"{ADC010B9-6E57-489B-A885-823D698ECF38}"= TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA

"{29A9655F-5516-4E36-9888-DC2996293538}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent

"{A8F8EEDB-5E61-4A88-B871-60731AD852CC}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent

"{5F9C2C47-1D7A-4EB4-B414-042986554F06}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{E4103036-3CC9-4EC2-897F-DD9402DBFA13}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{19B0B253-6ADF-4C4B-A4F4-9435919DA318}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{9A45DBF0-E0F3-490C-A368-05874CBF613D}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{9212BA77-2522-45EB-88C9-B822341080B6}"= UDP:3724:Blizzard Downloader

"TCP Query User{A7D72A81-69CA-4FA5-AAAE-72F89965143A}C:\\program files\\codemasters\\the lord of the rings online\\lotroclient.exe"= UDP:C:\program files\codemasters\the lord of the rings online\lotroclient.exe:lotroclient

"UDP Query User{887C9BE8-7824-46BE-8088-A463D6947F9E}C:\\program files\\codemasters\\the lord of the rings online\\lotroclient.exe"= TCP:C:\program files\codemasters\the lord of the rings online\lotroclient.exe:lotroclient

"{BFEA77D4-DD61-4869-8268-90ED2EB84F5B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{EE02480F-569B-44BD-B7C4-5A5F27F9F510}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{18492534-9809-435D-86EE-B95857CC3ACC}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"TCP Query User{6523DFC6-0DA3-4893-84A0-83BCBAC73BFC}C:\\program files\\valve\\steam\\steamapps\\didd_cool\\counter-strike\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\didd_cool\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{4AB71DC9-3C5C-4896-AA1F-474A2CA8AA47}C:\\program files\\valve\\steam\\steamapps\\didd_cool\\counter-strike\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\didd_cool\counter-strike\hl.exe:Half-Life Launcher

"TCP Query User{C9E52546-3FAD-4F6A-B2A7-726821F8C418}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{F391D1C3-32E5-48FB-810F-ACCC109B3F1C}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

"{BDDD5CB5-CE23-492E-B91C-4D928849B98A}"= UDP:6112:warcraftIII1

"{043A2A50-2625-47D0-8C40-0B9A16878D16}"= UDP:C:\Program Files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne

"{C9D28DCD-236F-4031-8F6F-CD83F4082F0E}"= TCP:C:\Program Files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne

"{F18C0B77-685E-4651-9017-2688A0B70357}"= UDP:6881:Blizzard Downloader

"TCP Query User{5B25CD3C-9EA9-4B50-9092-299F648EC978}C:\\program files\\garena\\garena.exe"= UDP:C:\program files\garena\garena.exe:Garena

"UDP Query User{A2B439CE-005F-4D8B-B899-155F41E3CEE1}C:\\program files\\garena\\garena.exe"= TCP:C:\program files\garena\garena.exe:Garena

"TCP Query User{29C1FF80-E923-4370-B9E8-3C8C9C71F630}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper

"UDP Query User{07C7CCEE-9C1E-4395-8C52-CD4A6A8BC9F8}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper

"TCP Query User{A89D4FD0-8057-41CA-B72A-6113274A12C6}C:\\program files\\microsoft games\\age of empires ii\\empires2.icd"= UDP:C:\program files\microsoft games\age of empires ii\empires2.icd:Age of Empires II

"UDP Query User{9B3517EC-33D6-4BD6-9AAB-E24EB64F64CF}C:\\program files\\microsoft games\\age of empires ii\\empires2.icd"= TCP:C:\program files\microsoft games\age of empires ii\empires2.icd:Age of Empires II

"TCP Query User{9069395E-CBEB-4653-836F-3DFC82946750}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire

"UDP Query User{C5F514DB-DCC4-4AA8-B517-BCC83F1937FB}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire

"TCP Query User{AFE0D8DD-BA09-421B-8283-2022F04D3DC1}C:\\program files\\valve\\steam\\steamapps\\dragon_cs588\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\dragon_cs588\counter-strike source\hl2.exe:hl2

"UDP Query User{5A9DC313-ED4B-4606-A798-BED8B8A37FBA}C:\\program files\\valve\\steam\\steamapps\\dragon_cs588\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\dragon_cs588\counter-strike source\hl2.exe:hl2

"TCP Query User{F678E2C7-5DB4-47A2-A8BC-C3599DDA1779}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes

"UDP Query User{D9316544-195B-454F-A0FA-B3FECD77643B}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes

"TCP Query User{B387062F-3B80-41C0-9FC6-F661A0E65C1A}C:\\program files\\garena\\garena.exe"= UDP:C:\program files\garena\garena.exe:Garena

"UDP Query User{41B25842-C0A3-4E16-90A6-07F8D80E38C8}C:\\program files\\garena\\garena.exe"= TCP:C:\program files\garena\garena.exe:Garena

"{7A1EA3C0-B68E-446E-8C1C-B6A75F8D50DD}"= UDP:C:\Program Files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne

"{5A2E1F08-44B1-4BFC-848D-4B572A9BE10E}"= TCP:C:\Program Files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne

"TCP Query User{39C93D76-1DB5-4BEC-9D35-1E323427D2F2}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III

"UDP Query User{4D3ECD09-27AA-4743-BE5E-FB2ECBCE75D5}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III

"TCP Query User{6047DE9F-4E1A-4882-AC13-5953DE954D6D}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{00C28DE6-0BCE-4609-A9EF-B0F939FA6DDD}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

"{A177F5FE-2F30-4C0E-A01A-0C80F506294A}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2

"{B87A0A2A-03C4-469D-AA17-73AC93A7FB42}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2

"{4E1C58B3-C8A5-4A17-B298-199EAD80070B}"= UDP:C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable

"{2CC69684-69F6-46DC-89CF-EFC18052B9E7}"= TCP:C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable

"{35C8F5D1-3444-4CEF-B062-305C94CAAB51}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{F7B77449-E39D-4882-8383-06B93997A060}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{386B9435-8A1E-486A-A3B1-3AA51F1970EC}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{417F2B31-4411-4BD7-A5E0-D9F4B5C7C9C9}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{42277855-9600-40F6-BDDA-38214962B423}"= UDP:C:\Users\Benjamin\Desktop\pbsetup.exe:pbsetup

"{9111C5FE-362D-4C1C-A721-A3ACF34B6B33}"= TCP:C:\Users\Benjamin\Desktop\pbsetup.exe:pbsetup

"{D043B70E-5344-494B-9E24-0A86936D56CB}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{9A62623F-81B1-4596-AF83-B9B950E3D8A3}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"TCP Query User{7CBF5029-3657-4562-90B5-15BC41616DBF}C:\\program files\\valve\\steam\\steamapps\\dragon_cs588\\source dedicated server\\srcds.exe"= UDP:C:\program files\valve\steam\steamapps\dragon_cs588\source dedicated server\srcds.exe:srcds

"UDP Query User{B2047309-BE2B-4A1D-BBD6-4AA67098FBA6}C:\\program files\\valve\\steam\\steamapps\\dragon_cs588\\source dedicated server\\srcds.exe"= TCP:C:\program files\valve\steam\steamapps\dragon_cs588\source dedicated server\srcds.exe:srcds

"TCP Query User{08DBFA6F-B822-44D9-B918-F92A46772B58}C:\\program files\\valve\\steam\\steamapps\\dragon_cs588\\dedicated server\\hlds.exe"= UDP:C:\program files\valve\steam\steamapps\dragon_cs588\dedicated server\hlds.exe:HLDS Launcher

"UDP Query User{9361B889-F2C3-454F-A501-C90DAD4A6456}C:\\program files\\valve\\steam\\steamapps\\dragon_cs588\\dedicated server\\hlds.exe"= TCP:C:\program files\valve\steam\steamapps\dragon_cs588\dedicated server\hlds.exe:HLDS Launcher

"{373B7BDC-9087-46FE-9779-CB26AE6F0BCB}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{3B9DC44F-90BD-4A31-89EB-5011DAF4CB4E}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{07CDA3F3-48DF-4E74-B88A-25269433B5F0}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{0A42AB07-C1D2-44BF-BD52-B8AAB46BFC6A}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{D0EABA48-5773-46CA-983E-E61AF50116DF}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

 

R1 pctfw2;pctfw2;C:\Windows\System32\drivers\pctfw2.sys [2008-08-07 160792]

S2 AVWEBCAM;AV WebCam, WDM Video Capture;C:\Windows\system32\DRIVERS\avwebcam.sys [2005-11-22 215552]

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]

S3 bbcap;bbcap;C:\Windows\system32\DRIVERS\bbcap.sys [2008-07-19 4096]

S3 P1001VID;Creative WebCam (WDM);C:\Windows\system32\DRIVERS\P1001Vid.sys [2002-01-30 395224]

S3 PAC7311;Trust Webcam 14839;C:\Windows\system32\DRIVERS\PA707UCM.SYS [2005-10-18 154752]

S4 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-01-18 554616]

S4 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2007-12-14 184976]

S4 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-30 87288]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

 

*Newly Created Service* - ECACHE

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-RunOnce-<NO NAME> - (no file)

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\sdg0lqij.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.nettby.no/

FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npracplug.dll

FF -: plugin - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

FF -: plugin - C:\Users\Benjamin\Program Files\DNA\plugins\npbtdna.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-13 13:41:58

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-09-13 13:43:32

ComboFix-quarantined-files.txt 2008-09-13 11:43:20

 

Pre-Run: Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.

Post-Run: 142,133,649,408 byte ledig

 

258 --- E O F --- 2008-09-12 21:19:56


Do you know these folders and their contents?

 

C:\Program Files\UltimateEnhancer

C:\Program Files\UltimateContext

C:\Program Files\Echo Images

 

 

Note: go through the code box below and check that you do not recognise any of the files listed there. Do not follow this guide if you recognise what is listed below :)

 

Click Start - All Programs - Accessories - Notepad

 

Copy and paste the text in the code box below into Notepad:

 

File::

C:\Users\Benjamin\vbzip10.dll
C:\Users\Benjamin\a.zip
C:\Users\Benjamin\1480.bat
C:\Users\Benjamin\417.bat
C:\Users\Benjamin\index.exe

Save it as CFScript on the Desktop.

 

Drag CFScript onto ComboFix.exe on the Desktop, as the animation below shows.

 

CFScriptB-4.gif

 

This will start ComboFix again. If the machine asks for a restart, let it do so right away.

 

Post the contents of ComboFix.txt in your next reply on the forum.
